Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Comments

top

Blackberry 10 Sends Full Email Account Credentials To RIM

bshroyer Re:Debunked - Did anyone actually try verifying th (191 comments)

Karl continues:

Let's push the button and see who talks to us.

Jul 18 10:25:05 NewFS imapd[88446]: Login user=test host=mc35536d0.tmodns.net [208.54.85.195]

And that's all. (That's the phone's IP address on T-Mobile, incidentally.)

Now let's look at the SMTP server and see if there's any evidence of a connection from the 68.171 address block -- which belongs to BlackBerry, and which is alleged tries to connect back.

[root@NewFS /var/log]# grep 68.171 spamblock
[root@NewFS /var/log]#

Nothing. Is the 208.54 address there?

Jul 18 10:09:21 NewFS spamblock-sys[81673]: Starting SSL/TLS negotiation with peer [208.54.85.195]
Jul 18 10:24:53 NewFS spamblock-sys[88447]: Starting SSL/TLS negotiation with peer [208.54.85.195]
[root@NewFS /var/log]#

Why yes there is, as the phone does connect to validate that the connection works (and it tells you it's doing so.) The other line, incidentally, is because there's another email account there (my real one!)

The phone connected to the SMTP server ("spamblock-sys" is my custom spam filter, which knows how to perform SSL/TLS negotiation) and performs a STARTTLS negotiation exactly as I told it to do.

Incidentally, it also brings up the server's certificate and asks me if it's ok too.

But there is no connection back to either service from any other location related to this account setup. Not from BlackBerry, not from some other place, nowhere. Period.

For those who want a bit more background on the SMTP side the code in question, particularly the SMTP code, is mine. The SMTP server in question ("Spamblock-Sys") was written from the ground up by myself. I know every single line of that code and am not relying on anyone else's word as to what is and is not logged, since I wrote it.

The IMAP server in question is WU's with moderate modification.

I have no idea if the guy in Germany is lying or if he is on an account provisioned for BIS (the older BlackBerry handsets) and his mobile provider is intercepting the transaction and passing it to BIS, which is doing what he's talking about.

about a year ago
top

Blackberry 10 Sends Full Email Account Credentials To RIM

bshroyer Debunked - Did anyone actually try verifying this? (191 comments)

Karl Denninger writes up his experience in attempting to replicate the claim. Karl calls BS:

http://market-ticker.org/cgi-ticker/akcs-www?singlepost=3242634

Don't Buy The BS Being Run on BB10 Email Security

There's a "report" flying around alleging that BB10 phones send unencrypted email passwords to BlackBerry and additionally that BlackBerry immediately connects back to the email server and signs on (which would, of course, require that it knows the password.)

This is easily tested and since I have a Z10 I decided to do exactly that.

What am doing here is setting up an account called "test" on my IMAP server to receive email and then will enter the credentials into the phone.

To make it interesting I will do it over the Cellular Connection rather than over WiFi, so that if the phone wants to do some sort of DNS lookup that my server might block (if it was using my DNS servers as it was connected via WiFi) it'll work.

Here we go. {full documentation follows}

about a year ago
top

Ask Slashdot: What Is the Best Note-Taking Device For Conferences?

bshroyer Re:What Is the Best Note-Taking Device For Confere (300 comments)

Care to explain what vim in laptop-mode is? (Genuinely interested)

Welcome to Slashdot, where non-sarcastic comments now require special markup.

more than 2 years ago
top

45-Year-Old Modem Used To Surf the Web

bshroyer Re:Does test equipment count? (622 comments)

I worked two summers back in the 1980s for a company that did FCC certification. Compaq would ship us their brand-spankin-new luggables and we'd see just how bad they interfered with prohibited bandwidth.

I spent a lot of time in front of that HP oscilloscope those summers.

more than 5 years ago
top

Cancer Drug Found; Scientist Annoyed

bshroyer Viagra: A failure with angina, (349 comments)

But a brilliant success with...

Honestly, I can only think of one word that rhymes with "angina."
Ironic. Whatever.

more than 7 years ago

Submissions

bshroyer hasn't submitted any stories.

Journals

bshroyer has no journal entries.

Slashdot Login

Need an Account?

Forgot your password?

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>